tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lajos <>
Subject Re: Multiple Virtual Hosts Single Sign On
Date Wed, 29 Jan 2003 00:13:33 GMT
Hm, you might be right on that - I've never actually done it. If you 
have a single <Host> defined in Tomcat, and enable single-signon, you'll 
get back a JSESSIONSSOID cookie. I would <i>think</i> that Tomcat could 
handle that in any context within the <Host>, but again, I haven't 
tested it.


Victor Soares wrote:
> Lajos,
> Yes, the 3 sites are going to be on the same box and apache is sitting in front.
> I haven't tried this, so correct me if I'm wrong... but from what I understand, even
if I JkMount directories within the virtual hosts to the same Tomcat instance, the session
will not span all 3 hosts. The session is tied to a cookie that is only valid to the host
that issued it. i.e. I'd get a session cookie from and it would only be
valid within
> thanks,
> - victor
>>>> 01/28/03 03:58PM >>>
> Victor -
> If you are talking about across different Tomcat instances no, there is 
> not (unless you want to write your own realm). If you have three virtual 
> hosts on the same server, the Tomcat SSO solution will support that. Are 
> you fronting Tomcat with Apache? 'Cause what you could do is have the 
> three virtual hosts defined in Apache and have individual JkMount 
> commands to make the correct context(s) avialable to each host. Just a 
> thought.
> Regards,
> Lajos
> Victor Soares wrote:
>>I have dug through the tomcat-user archives and have seen this question come up several
times, but there was no concrete solution so I'll bring it up again.
>>For an upcoming project, I am going to have 3 websites. ex:
>>Each website will have some features that require a login. It would be logical to
have the same username and password for all 3 and even more logical for the user to only have
to authenticate once for all 3 and have his/her session data maintained and available to all
>>Is there a single sign on solution that would provide that capability?
>>This concept of single sign on should not be confused with Tomcat's SSO. Tomcat's
SSO only provides SSO for different contexts within one virtual host. This is more of a SSO
solution along the lines of the .net passport.
>>Any help would be much appreciated.
>>- Victor Soares
>>To unsubscribe, e-mail: 
>>For additional commands, e-mail: 


                    Lajos Moczar
     Open Source Support, Consulting and Training
             Cocoon Developer's Handbook

                    _      _____
                   / \         /
                  /___\      /
                 /     \   /____ -- powered by AzSSL

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message